From 1d710a6d42d3700cfb9981d0d9ca323b9c80f130 Mon Sep 17 00:00:00 2001
From: Louis Abel
Date: Wed, 29 Jun 2022 21:27:50 -0700
Subject: [PATCH] fix up IPA portion
---
 func/stacks/ipa/20-ipa-user.sh | 25 +++++++++++++++++--------
 func/stacks/ipa/21-ipa-service.sh | 8 ++++----
 func/stacks/ipa/22-ipa-dns.sh | 6 +++---
 3 files changed, 24 insertions(+), 15 deletions(-)
diff --git a/func/stacks/ipa/20-ipa-user.sh b/func/stacks/ipa/20-ipa-user.sh
index 71be555..c0f5313 100755
--- a/func/stacks/ipa/20-ipa-user.sh
+++ b/func/stacks/ipa/20-ipa-user.sh
@@ -19,28 +19,37 @@ klist | grep "admin@RLIPA.LOCAL" &> /dev/null r_checkExitStatus $? r_log "ipa" "Test adding a user" -userDetails="$(ipa user-add --first=test --last=user --random ipatestuser)" -echo "$userDetails" | grep -q 'Added user "ipatestuser"' -r_checkExitStatus $? +ipa user-add --first=test --last=user --random ipatestuser > /tmp/ipatestuser +grep -q 'Added user "ipatestuser"' /tmp/ipatestuser -echo "$userDetails" | grep -q 'First name: test' +ret_val=$? +if [ "$ret_val" -ne 0 ]; then + r_log "ipa" "User was not created, this is considered fatal" + r_checkExitStatus 1 + exit 1 +fi + +sed -i 's|^ ||g' /tmp/ipatestuser +grep -q 'First name: test' /tmp/ipatestuser r_checkExitStatus $? -echo "$userDetails" | grep -q 'Last name: user' +grep -q 'Last name: user' /tmp/ipatestuser r_checkExitStatus $? -echo "$userDetails" | grep -q 'Full name: test user' +grep -q 'Full name: test user' /tmp/ipatestuser r_checkExitStatus $? -echo "$userDetails" | grep -q 'Home directory: /home/ipatestuser' +grep -q 'Home directory: /home/ipatestuser' /tmp/ipatestuser r_checkExitStatus $? r_log "ipa" "Changing password of the user" kdestroy &> /dev/null +userPassword="$(awk '/Random password/ { print $3 }' /tmp/ipatestuser)" +/bin/rm /tmp/ipatestuser expect -f - < /dev/null r_checkExitStatus $? r_log "ipa" "Adding test service" -ipa service-add testservice/rltest.rlipa.local &> /dev/null +ipa service-add testservice/onyxtest.rlipa.local &> /dev/null r_checkExitStatus $? r_log "ipa" "Getting keytab for service" -ipa-getkeytab -s rltest.rlipa.local -p testservice/rltest.rlipa.local -k /tmp/testservice.keytab &> /dev/null +ipa-getkeytab -s onyxtest.rlipa.local -p testservice/onyxtest.rlipa.local -k /tmp/testservice.keytab &> /dev/null r_checkExitStatus $? 
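Review bot: The output of `ipa user-add --random`, which includes the generated password, is now redirected to the fixed path `/tmp/ipatestuser`, so it lands under a predictable name in a world-writable directory with default-umask permissions, and the file is left behind on the fatal `exit 1` path because `/bin/rm` only runs later. I would create the file with `tmpfile="$(mktemp)"` followed by `trap 'rm -f -- "$tmpfile"' EXIT`, use `"$tmpfile"` in the redirect and in the `grep`/`sed`/`awk` calls, and drop the explicit `/bin/rm`. The same fixed-path pattern applies to `/tmp/testservice.keytab` in the 21-ipa-service.sh hunk, although that path is unchanged by this commit apart from the hostname. The `expect` here-document that consumes `userPassword` is not visible on this page, so how the password is handled from there on cannot be checked.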
r_log "ipa" "Getting a certificate for service" -ipa-getcert request -K testservice/rltest.rlipa.local -D rltest.rlipa.local -f /etc/pki/tls/certs/testservice.crt -k /etc/pki/tls/private/testservice.key &> /dev/null +ipa-getcert request -K testservice/onyxtest.rlipa.local -D onyxtest.rlipa.local -f /etc/pki/tls/certs/testservice.crt -k /etc/pki/tls/private/testservice.key &> /dev/null r_checkExitStatus $? while true; do @@ -49,7 +49,7 @@ while ! stat /etc/pki/tls/certs/testservice.crt &> /dev/null; do done r_log "ipa" "Verifying keytab" -klist -k /tmp/testservice.keytab | grep "testservice/rltest.rlipa.local" &> /dev/null +klist -k /tmp/testservice.keytab | grep "testservice/onyxtest.rlipa.local" &> /dev/null r_checkExitStatus $? r_log "ipa" "Verifying key matches the certificate" diff --git a/func/stacks/ipa/22-ipa-dns.sh b/func/stacks/ipa/22-ipa-dns.sh index d9aa8e9..e0b507f 100755 --- a/func/stacks/ipa/22-ipa-dns.sh +++ b/func/stacks/ipa/22-ipa-dns.sh @@ -19,7 +19,7 @@ klist | grep "admin@RLIPA.LOCAL" &> /dev/null r_checkExitStatus $? r_log "ipa" "Adding testzone subdomain" -ipa dnszone-add --name-server=rltest.rlipa.local. --admin-email=hostmaster.testzone.rlipa.local. testzone.rlipa.local &> /dev/null +ipa dnszone-add --name-server=onyxtest.rlipa.local. --admin-email=hostmaster.testzone.rlipa.local. testzone.rlipa.local &> /dev/null r_checkExitStatus $? sleep 5 @@ -28,7 +28,7 @@ dig @localhost SOA testzone.rlipa.local | grep -q "status: NOERROR" &> /dev/null r_checkExitStatus $? r_log "ipa" "Adding a CNAME record to the primary domain" -ipa dnsrecord-add rlipa.local testrecord --cname-hostname=rltest &> /dev/null +ipa dnsrecord-add rlipa.local testrecord --cname-hostname=onyxtest &> /dev/null r_checkExitStatus $? sleep 5 
@@ -37,7 +37,7 @@ dig @localhost CNAME testrecord.rlipa.local | grep -q "status: NOERROR" &> /dev/ r_checkExitStatus $? r_log "ipa" "Adding a CNAME to subdomain" -ipa dnsrecord-add testzone.rlipa.local testrecord --cname-hostname=rltest.rlipa.local. &> /dev/null +ipa dnsrecord-add testzone.rlipa.local testrecord --cname-hostname=onyxtest.rlipa.local. &> /dev/null r_checkExitStatus $? sleep 5